= Session =

A session is a stateful abstraction over the stateless HTTP protocol. Basically, repeated requests from the same user / computer form a session. Per-session state is needed to remember essential information such as:
 * Whether the user is logged in
 * The user's authentication details
 * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences]
This is commonly implemented using cookies.

== Session user interface ==

In Trac's [/prefs/advanced Advanced Preferences] the user can save a session key and restore their session from a different computer.

== Session administration ==

Session keys can also be managed using the [wiki:TracAdmin#FullCommandReference TracAdmin] ''session'' commands.

== Session API ==

[source:trunk/trac/web/session.py trac.web.session.Session] provides an API to save arbitrary per-session data.

The session for the current web request can be accessed in {{{req.session}}}.

== Session storage in the Database ==

The per-session data is stored in the database, specifically in the ''session'' and the ''session_attribute'' [wiki:TracDev/DatabaseSchema tables]. (The session key / cookie identifies the relevant entries in these tables.)

Note: as we often manipulate both the ''session'' and the ''session_attribute'' tables, there's a possibility of table deadlocks (#9705). We try to prevent them by always accessing the tables in the same order within the transaction: first `session`, then `session_attribute`.
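
The access-order rule from the note above, as an added example (not Trac's own code): a hypothetical `save_session` helper writes `session` before `session_attribute` inside one transaction, and `write_order` / `follows_order` check that order from the SQLite statement trace. The simplified schema and all function names are assumptions made for this example.

```python
import re
import sqlite3
import time

# Simplified, assumed columns; TracDev/DatabaseSchema has the real schema.
SCHEMA = """
CREATE TABLE session (sid, authenticated, last_visit);
CREATE TABLE session_attribute (sid, authenticated, name, value);
"""
ORDER = ["session", "session_attribute"]  # the agreed access order
WRITE = re.compile(r"\s*(?:UPDATE|INSERT INTO|DELETE FROM)\s+(\w+)", re.I)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def save_session(db, sid, authenticated, attrs):
    """Hypothetical helper: persist one session in a single transaction."""
    key, now = (sid, authenticated), int(time.time())
    with db:  # commits on success, rolls back on any exception
        # 1. `session` first ...
        cur = db.execute("UPDATE session SET last_visit=? WHERE sid=? "
                         "AND authenticated=?", (now, *key))
        if cur.rowcount == 0:
            db.execute("INSERT INTO session VALUES (?,?,?)", (*key, now))
        # 2. ... then `session_attribute`, never the other way round.
        db.execute("DELETE FROM session_attribute WHERE sid=? "
                   "AND authenticated=?", key)
        db.executemany("INSERT INTO session_attribute VALUES (?,?,?,?)",
                       [(*key, name, value) for name, value in attrs.items()])

def write_order(db, fn, *args):
    """Run fn(db, *args) and return the tables it wrote, in statement order."""
    tables = []
    def trace(sql):
        m = WRITE.match(sql)
        if m:
            tables.append(m.group(1).lower())
    db.set_trace_callback(trace)
    try:
        fn(db, *args)
    finally:
        db.set_trace_callback(None)
    return tables

def follows_order(tables):
    """True if no table is written after one that comes later in ORDER."""
    ranks = [ORDER.index(t) for t in tables if t in ORDER]
    return ranks == sorted(ranks)
```

SQLite locks the whole database file, so this shows the ordering discipline and a way to test for it rather than reproducing the deadlock itself.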

== Session cookie ==

The session key is stored in the ''trac_session'' cookie.

== Authentication cookie ==

The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. (The cookie identifies the relevant entry in that table.)

The lifetime and the path of this cookie can be configured in [wiki:TracIni#trac-section trac.ini] with ''auth_cookie_lifetime'' and ''auth_cookie_path''.